[No response was received as of Jan 13, 2006]

From: Xavier <compromise@gmail.com>
To: admin@QualityPPC.com
Date: Tue, 13 Dec 2005 14:58:33 -0500
Subject: Security issues with Quality PPC version 1.0 build 1644.

Greetings,

Please forward this email to the developers involved in the QualityPPC
product, as the information below touches on security concerns coupled
with the Quality PPC version 1.0 build 1644.

The "cpage" variable is not properly sanitized, thus allowing attackers to:
1) craft special URLs that can cause an authorized users browser to
execute arbitrary javascript code. (via automated attack, or social
engineering)
2) view sensitive file system directory structure (or path disclosure).

The first issue is serious, as it could lead to session hijacking. The
name of the specific attack is called Cross Site Scripting (or "XSS")
for short. An example of the attack goes as follows:
http://[target]/[path]/admin.php?p=7&cpage="><script>alert(String.fromCharCode(88,83,83))</script><!---

The second issue isn't as serious, but it can be used to further
educate an attacker on the structure of the internal structure.
Examples of the attack go as follows:
http://[target]/[path]/admin.php?p=0&cpage=[enter meta characters here]
http://[target]/[path]/admin.php?p=5&cpage=[enter meta characters here]
http://[target]/[path]/admin.php?p=10&cpage=[enter meta characters here]
http://[target]/[path]/admin.php?p=11&cpage=[enter meta characters here]
http://[target]/[path]/admin.php?p=15&cpage=[enter meta characters here]
http://[target]/[path]/admin.php?p=17&cpage=[enter meta characters here]
http://[target]/[path]/admin.php?p=19&cpage=[enter meta characters here]
http://[target]/[path]/admin.php?p=22&cpage=[enter meta characters here]

Please reply with any questions.

Take care,
Xavier.